Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PROPFIND on remote.php/webdav when check_for_working_webdav is disabled #9835

Closed
FGIKCM opened this issue Jun 12, 2018 · 3 comments
Closed

PROPFIND on remote.php/webdav when check_for_working_webdav is disabled #9835

FGIKCM opened this issue Jun 12, 2018 · 3 comments

Comments

@FGIKCM
Copy link

FGIKCM commented Jun 12, 2018

On our Nextcloud server, we only allow users to use the web interface to exchange files. We don't want them to use it as a backup method for their files (we have other ways). So we cut WebDav to be sure they won't use a Nextcloud client to sync their data.

But we have a warning in the admin page that WebDav seems to be broken, even if we specify in the config that we don't want Nextcloud to check this functionality.

Steps to reproduce

  1. Install a brand new Nextcloud 13 server
  2. Put in config.php: 'check_for_working_webdav' => false,'
  3. In Apache, put this somewhere to only allow POST and GET http commands:
<Directory />
    <LimitExcept POST GET>
        Deny from all
    </LimitExcept>
</Directory>
  1. Reload Apache
  2. Connect as an admin, 'Settings', 'Basic settings'

Expected behaviour

We should see: "All checks passed."

Actual behaviour

We see: "Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken". On Apache logs we see a PROPFIND request:

"PROPFIND /drive/remote.php/webdav HTTP/2.0" 207 -/- (-%)

Server configuration

Operating system:
Debian 9.4 stable amd64

Web server:
apache 2.4.25-3+deb9u4

Database:
mariadb-server 10.1.26-0+deb9u1

PHP version:
php 7.0.27-0+deb9u1

Nextcloud version: (see Nextcloud admin page)
13.0.3

Updated from an older Nextcloud/ownCloud or fresh install:
fresh install

Where did you install Nextcloud from:
https://nextcloud.com/install/#instructions-server

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
No errors have been found.

List of activated apps:

 occ app:list
Enabled:
  - activity: 2.6.1
  - dav: 1.4.7
  - federatedfilesharing: 1.3.1
  - files: 1.8.0
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_videoplayer: 1.2.0
  - gallery: 18.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - notifications: 2.1.2
  - oauth2: 1.1.1
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - serverinfo: 1.3.0
  - systemtags: 1.3.0
  - theming: 1.4.5
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - workflowengine: 1.3.0
Disabled:
  - admin_audit
  - comments
  - encryption
  - federation
  - files_external
  - files_pdfviewer
  - files_versions
  - firstrunwizard
  - nextcloud_announcements
  - sharebymail
  - survey_client
  - user_external
  - user_ldap

Nextcloud configuration:

Config report 
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "force_language": "en",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/<my-server>.fr",
        "dbtype": "mysql",
        "version": "13.0.3.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "overwriteprotocol": "https",
        "overwritewebroot": "\/drive",
        "htaccess.RewriteBase": "\/drive",
        "openssl": {
            "config": "\/etc\/ssl\/openssl.cnf"
        },
        "skeletondirectory": "***REMOVED SENSITIVE VALUE***\/drive\/skeleton",
        "tempdirectory": "***REMOVED SENSITIVE VALUE***\/data\/php_upload",
        "directory": ***REMOVED SENSITIVE VALUE***"\/data\/drive\/data",
        "knowledgebaseenabled": false,
        "defaultapp": "files",
        "enable_avatars": false,
        "trashbin_retention_obligation": "auto, 2",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "log_type": "syslog",
        "logfile": "",
        "loglevel": "2",
        "syslog_tag": "Nextcloud",
        "logdateformat": "F d, Y H:i:s",
        "logtimezone": "Europe\/Paris",
        "proxy": "",
        "proxyuserpwd": "***REMOVED SENSITIVE VALUE***",
        "check_for_working_webdav": "false",
        "check_for_working_wellknown_setup": false,
        "auth.bruteforce.protection.enabled": true,
        "updatechecker": true,
        "updater.release.channel": "stable",
        "appstoreenabled": true,
        "appcodechecker": true,
        "apps_paths": [
            {
                "path": "***REMOVED SENSITIVE VALUE***\/nextcloud\/apps",
                "url": "\/apps",
                "writable": true
            }
        ],
        "memcache.local": "\\OC\\Memcache\\APCu",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...
No

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

Client configuration

Browser:
Tested with Firefox + IE 11

Operating system:
Windows 10 build 1803

Logs

Web server error log

Web server error log 
Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Nextcloud log 
No particular Nextcloud log. Only Apache access on my syslog

Browser log

Browser log
  • No JavaScript error
  • On network panel, we see the PROPFIND request to drive/remote.php, which fails with 403 error code (as I blocked it in Apache)
@rullzer
Copy link
Member

rullzer commented Jun 12, 2018

Ah I see we need to update the docs.

But you can't disable your webdav. As the webUI also uses webdav.

@MorrisJobke
Copy link
Member

But you can't disable your webdav. As the webUI also uses webdav.

Closing because you are not allowed to disable random HTTP methods. All are needed to have a working Nextcloud.

Docs fixes are in #9844 and #9845

@FGIKCM
Copy link
Author

FGIKCM commented Jun 13, 2018

Ah ok, so this config option is not valid anymore.

Too bad, it was a good idea... I think you should then add a new option to specify if Nextcloud clients are allowed to connect on our server, or if we just want the web UI.

@nextcloud-bot nextcloud-bot mentioned this issue Jul 14, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rullzer @MorrisJobke @FGIKCM